From a07276942773c31d75bf729ae89d6057df71a6dd Mon Sep 17 00:00:00 2001
From: Eddy Ashton
Date: Tue, 4 Feb 2025 13:57:32 +0000
Subject: [PATCH] Use a hard-coded string for virtual measurement (#6802)
Co-authored-by: Amaury Chamayou
---
 src/pal/quote_generation.h | 9 +--------
 tests/code_update.py | 2 +-
 tests/infra/utils.py | 3 +--
 3 files changed, 3 insertions(+), 11 deletions(-)
diff --git a/src/pal/quote_generation.h b/src/pal/quote_generation.h
index db55b4bdea08..265a4e9ac97e 100644
--- a/src/pal/quote_generation.h
+++ b/src/pal/quote_generation.h
@@ -3,7 +3,6 @@
 #pragma once
 #include "ds/files.h"
-#include "ds/system.h"
 #include
 #include
@@ -23,13 +22,7 @@ namespace ccf::pal
 auto j = nlohmann::json::object();
- const auto uname = ccf::ds::system::exec("uname -a");
- if (!uname.has_value())
- {
- throw std::runtime_error("Error calling uname");
- }
-
- j["measurement"] = uname.value();
+ j["measurement"] = "Insecure hard-coded virtual measurement v1";
 j["host_data"] = package_hash.hex_str();
 files::dump(j.dump(2), virtual_attestation_path("measurement"));
diff --git a/tests/code_update.py b/tests/code_update.py
index a56ef8d03b95..0e54ddd7c6e7 100644
--- a/tests/code_update.py
+++ b/tests/code_update.py
@@ -51,7 +51,7 @@ def test_verify_quotes(network, args):
 j = r.body.json()
 if j["format"] == "Insecure_Virtual":
 # A virtual attestation makes 3 claims:
- # - The measurement (same on many nodes) is the result of calling `uname -a`
+ # - The measurement (same on any virtual node) is a hard-coded string, currently unmodifiable
 claimed_measurement = j["measurement"]
 # For consistency with other platforms, this endpoint always returns a hex-string.
 # But for virtual, it's encoding some ASCII string, not a digest, so decode it for readability
diff --git a/tests/infra/utils.py b/tests/infra/utils.py
index 041dc574658a..303d7f0e8c30 100644
--- a/tests/infra/utils.py
+++ b/tests/infra/utils.py
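Review bot: The literal assigned to `j["measurement"]` in the second hunk of src/pal/quote_generation.h is repeated verbatim in `get_measurement` in tests/infra/utils.py, so a later bump of the `v1` suffix has to be made in both files or the node and the test helper will disagree. A named constant with a comment would make that coupling visible, for example `static constexpr auto virtual_measurement = "Insecure hard-coded virtual measurement v1"; // keep in sync with tests/infra/utils.py`. The comment should also state that the value is now identical on every virtual node and every build, so a check against it says nothing about the host or the code; of the fields written here only `host_data`, the package hash, still varies. The enclosing function starts and ends outside the hunk.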
@@ -8,8 +8,7 @@
 def get_measurement(enclave_type, enclave_platform, package, library_dir="."):
 if enclave_platform == "virtual":
- result = infra.proc.ccall("uname", "-a")
- return result.stdout.decode().strip()
+ return "Insecure hard-coded virtual measurement v1"
 else:
 raise ValueError(f"Cannot get measurement on {enclave_platform}")
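Review bot: With the `uname` call gone, `get_measurement` reads only `enclave_platform` in the lines shown; `enclave_type`, `package` and `library_dir` are accepted but unused, and a docstring should say so, so that callers do not expect the result to depend on the package. Something like `"""Return the expected measurement; only "virtual" is supported and its value is a fixed string that attests nothing."""` would do. If this was the last use of `infra.proc` in the file, the import can be dropped as well; the import block is not visible in this hunk.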